We are currently facing an issue using a load balancer with a search head cluster. This is an Elastic Load Balancer in AWS and we can't use the Load Balancer cookie, has to be an application cookie. I have seen this issue before and seen people fix it by using the cookie session_id_PORTNUMBER, but our deployment doesn't need the user to connect to splunk web, it' just a service connecting through the ELB to the rest Api in port 8090(Had to change from default 8089). I have also tried splunkd_443 to no avail.
The problem is that the ELB is throwing the petitions for login and for getjobs to different servers.
Is there any other application cookie I could use? This is for splunk 9.0.4
... View more